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• Mandate: Implement the policy to disseminate information 
about hardware and software vulnerabilities known to the 
USG found in GOTS, COTS or other commercial IT or 
industry control products or systems. 

• Purpose: To ensure that dissemination decisions regarding 
the existence of a vulnerability are made quickly, in full 
consultation with all concerned USG organizations and in 
the best interest of the USG mission of cybersecurity, 
information assurance, intelligence, counterintelligence, 
law enforcement, military operations and critical 
infrastructure protection 
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1 st classify or designate for special handling 

Determine if the vulnerability reaches the threshold. If so, notify the 
Executive Secretariat* (ES) ASAP. 

- Criteria-the vulnerability must be both newly discovered and not publicly 
known 

— Optional-vulnerabilities identified prior to the effective date of April 7 th - 

The ES will notify all VEP POCs of the vulnerability and request they 
respond if they have an equity at stake and want to participate in the 
decision process. 

SME from each organization with an equity will participate in the 
discussions to produce recommendation to the ERB for decision 



*The NSA/Information Assurance Directorate will serve the Executive Secretariat 

■ t wwi^ratw * ‘ * ***** * ns ' h.m T r y ■ m. v. . j . . . ■ 1 . r f *■ « *» ' • 

• ' • -J- . • • • - C ; r.'* ->.>* J*** htL»r\L- *I , "LJI , <N • i * s *« ?•£■<£* tv ,s -k i«r ' .vN r - ; V ‘ <4,' # - *? * ’> w • .MgK3eWS 








The policy document "Commercial and 
Government Information Technology and Industrial 
Control Product or System Vulnerability Policy and 
Process" dated 2/16/10 was provide by email. 


Point of contact on policy matters for the 1 FBI is 
Cyber Division, Strategic Initiatives UC 
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• The focus of this committee is to ensure 
dissemination decisions regarding the existence 
of a vulnerability is made quickly, in full 
consultation with all concerned divisions and in 
the best interest of intelligence collection, 
investigative matters and information assurance. 
Understanding that in most circumstances all 
three interest will not be satisfied but the best 
resolution for the overall good will be put forth to 
the USIC ERB. 










Sent: 

Subject: 


Thursday, April 17, 2014 10:52 AM 
ERB Prep Informration for 4/21 Meeting — 



Importance: High 


Classification: 



Classif ied^Bv : E>#M74K85 

Derived From>>^I NSIC, dated 20120629 

Declassifv^On : 2(J>9H231 


FOR OTD INTERNAL USE 


All, 


I will be g oing on annual leave and will not be able to participate in the meeting on 4/21] 

I have pulled together some of the more relevant points to help OTD discuss and gather a position on this 

matter. I will be available later today to discuss in detail if there are any questions. Until OTD management establishes a 
position, I ask that further distribution of this message be limited. 
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has spoken to 


He and his SC have been invited to represent CID at the meeting on Monday. 


Thanks, 
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ALL INFORIIAT 101*1 LOUT AIMED 
HEREIN IS UNCLASSIFIED EXCEPT 
WHERE ;:«■! OTHERWISE 



CLASS lilli BY MS IOG/C3 2WS SB 3 1 
REASON: 1 . 4 (C) 

TOT I A qc T1T¥ < (1M - 1 

[ Bo off fc-ficF bomt ^ m fo oc -ww iU | c Vo <l rn *8 -w , 1 , . .y* , 4mu ^W" 

CATS: 12-22-2014 



Sent: 

Subject: 


Thursday, April 24, 2014 9:57 AM 

RE: VuInerability/Zero-day discussion — S 




Classification: ^S)56^C]5 t 

Classif i^sl s By>'''£37W35B81 
Derived^Pfd^FBI NSIC, dated 20120629 
Declassify Orn\20391231 


TRANSITORY RECORD 
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When: Monday, May 05, 2014 10:00 AM-12:00 PM (UTC-05:00) Eastern Time (US & Canada). 
Where: HQ Rmlll60 . 


Classification: 




Classification: 


Classification: 


